Unrated severityNVD Advisory· Published Aug 9, 2023· Updated Sep 20, 2024

Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

CVE-2023-22378

Description

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.

Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.

Affected products

Nozominetworks/Cmcv5
Range: 0
Nozominetworks/Guardianv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.nozominetworks.com/NN-2023:2-01mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000